on 12-12-2014 6:23 PM
Hi Experts,
We have a scenario in which we are calling BLS from oracle database using trigger. The call is made using the following URL:
http://<Host name>:50000/XMII/Runner?Transaction=<TRX_Path>&Material=MATNR&Pallet_id=PALLET&Plant=PLANT&Proc_order=PROC&Prodline=PROD&Quantity=QTY&Start_Date=DAT&Start_Time=TIM&Status=STAT&UOM=UOM1&User_name=USER&OutputParameter=*
This used to work fine in 11.5 but when we upgraded to 14.0 it is not working. We have maintained server details in \etc\host file.
We were getting error in file 'Error 1 Text.txt'. "A possible Cross-Frame Scripting attack has been prevented. Please contact your system administrator or refer to" this was the last error message. We checked this on SCN and based on the search results we have implemented SAP note 1651004 wherein setting in netweaver is required to be changed. After note was implemented we are getting another error text ('Error 2 Text.txt') "This will happen if the browser running the page tha". We tried a few ways but could not capture the full message coming.
Has anybody of faced similar problem? I would highly appreciate any hint which could help in solving this problem.
System Information:
NW 7.31 SP 10
Oracle 11.2.0.4
MII 14.0 SP5 patch 7
Regards,
Darshan
Hi All,
Found the solution:
1) If we use SET DEFINE before running the Select statement, the URL call is successful
2) In Stored procedure there is no need to call SET DEFINE. Stored procedure will work properly without it. It will send the URL as it to the destination system. no need to worry about the oracle/sql escape characters in the URL
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I do not see the "IllumLoginName" and "IllumLoginPassword" parameters in your Runner servlet call example. Please verify they are included, the only way you would get the Login.jsp page back in your HTTP response body is if your authentication failed; so you get redirected.
Sam
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sam,
"IllumLoginName" and "IllumLoginPassword" are included in the call. When i execute the URL in the browser BLS gets executed successfully. I could see the processing of the called transaction in the transaction manager.
when i call the URL from DB it gives the error. I have verified that the values passed for "IllumLoginName" and "IllumLoginPassword" are valid and not locked.
Regards,
Darshan Sheth
Can you setup something like Fiddler (http://www.telerik.com/fiddler) on the server and post the results of this tool when the DB makes the call to MII?
Thanks,
Sam
Hello darshan,
You are actually getting MII login page in response to the URL you are calling. Please pass valid user name and password to authenticate yourself and run the transaction.
Regards,
Anushree
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Christian/Anushree,
I have now modified the URL by adding Illum login name and password:
http://<Host name>:50000/XMII/Runner?Transaction=<TRX_Path>&Material=MATNR&Pallet_id=PALLET&Plant=PLANT&Proc_order=PROC&…
When i run the url in browser it gives me the expected results but when i try to trigger it from Oracle i am still getting the error as below:
"<script>
var inPortalScript = false
var webpath = "/logon_ui_resources/"
</script>
<html>
<head>
<BASE target="_self">
<link rel=stylesheet href="https://answers.sap.com/logon_ui_resources/css/ur/ur_ie5.css">
<title>User Management, SAP AG</title>
<script language="javascript">
var originWindowName=window.name;
window.name="logonAppPage";
function restoreWindow() {
try{
window.name=originWindowName;
} catch(ex){}
}
</script>
<script language="JavaScript">
function putFocus(formInst, elementInst) {
if (document.forms.length > 0) {
document.forms[formInst].elements[elementInst].focus();
}
}
function setValuesAutoCreation() {
var form = document.getElementById('logonForm');
form.j_username.value="";
form.j_password.value="";
form.automaticAccountCreation.value="true";
}
function submitForm() {
var form = document.getElementById('logonForm');
form.submit();
}
function clearEntries() {
document.logonForm.longUid.value="";
document.logonForm.password.value="";
}
function setFocusToFirstField() {
myform = document.logonForm;
try{
for (i=0; i<myform.length; i++) {
elem = myform.elements[i];
if (!elem.disabled) {
elemType = elem.type;
if (elemType=="text" || elemType=="password") {
if (!elem.readOnly) {
elem.focus();
break;
}
}
if (elemType=="select-one" || elemType=="select-multiple" || elemType=="checkbox" || elemType=="radio") {
elem.focus();
break;
}
}
}
} catch(ex){
}
}
function addTenantPrefix() {
return true;
}
</script>
</head>
<body class="urBdyStd" bgcolor="#F7F9FB" onLoad="setFocusToFirstField()" onUnload="restoreWindow()">
Thanks,
Darshan
<script language="JavaScript">
var blockPage = false;
</script>
<script language="JavaScript">
try {
if (top.document.domain != self.document.domain) {
blockPage = true;
}
} catch (error) {
// This will happen if the browser running the page tha"
Hi Darshan,
Please take a look at the below link:
Security Audit Log of the AS Java - System Security - SAP Library
Regards,
Anushree
Hi Anushree,
Thanks for the link. Based on the link security audit log is present at the location:
\usr \sap \ <SID> \ <instance_number> \j2ee \cluster \server <n> \log \system \security_audit.log
when i checked in my server at the following path:
D:\usr\sap\<SID>\J00\j2ee\cluster\server0\log\system
I could see that there is file security_audit_00.0.log. This file is not updated with any information since 05/21/2014. Could it be that the logging for security audit file would have been switched off.
Regards,
Darshan
Hi Darshan,
It could be that logging is switched off. Check log level of log controllers.
Here is how to do it:
Configuring Log Controllers - Monitoring - SAP Library
Events are stated in the link I provided earlier
Regards,
Anushree
Hi Anushree,
Logging for security audit is switched on now. I executed the call after the logging was switched on and there are no entries in the security_audit_00.0.log file.
I passed incorrect password in IllumLoginPassword field but still no entries in the log file.
To check if logging is actually switched on i provided incorrect credentials while logging in from Menu.jsp and was able to see the entries related to the failed attempt in security_audit_00.0.log file.
Regards,
Darshan
Hi Anushree,
Logging for security audit is switched on now. I executed the call after the logging was switched on and there are no entries in the security_audit_00.0.log file.
I passed incorrect password in IllumLoginPassword field but still no entries in the log file.
To check if logging is actually switched on i provided incorrect credentials while logging in from Menu.jsp and was able to see the entries related to the failed attempt in security_audit_00.0.log file.
Regards,
Darshan
How are you passing the credentials?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
8 | |
7 | |
3 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.